Spectrum Protect Plus Security Vulnerabilities and Issues — Spectrum Protect Plus CVE List

Lucene search

IbmSpectrum Protect Plus

10 matches found

CVE•added 2022/08/26 4:15 p.m.•374 views

CVE-2021-3669

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

5.5CVSS6.3AI score0.00008EPSS

CVE•added 2021/01/08 7:15 p.m.•59 views

CVE-2020-5022

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658.

5.3CVSS5.6AI score0.00167EPSS

CVE•added 2021/01/08 7:15 p.m.•51 views

CVE-2020-5017

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653.

5.5CVSS5.6AI score0.00033EPSS

CVE•added 2022/09/19 6:15 p.m.•46 views

CVE-2022-40234

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private ke...

5.9CVSS5.4AI score0.00065EPSS

CVE•added 2020/05/04 2:15 p.m.•41 views

CVE-2020-4209

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019.

5.5CVSS5.5AI score0.00429EPSS

CVE•added 2020/11/23 5:15 p.m.•40 views

CVE-2020-4783

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IB...

5.9CVSS5.3AI score0.00172EPSS

CVE•added 2021/06/29 4:15 p.m.•38 views

CVE-2021-20490

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.

5.5CVSS5.2AI score0.00041EPSS

CVE•added 2020/06/26 2:15 p.m.•34 views

CVE-2020-4565

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935.

5.9CVSS5.3AI score0.00239EPSS

CVE•added 2020/08/04 4:15 p.m.•34 views

CVE-2020-4631

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372.

5.5CVSS5.2AI score0.00026EPSS

CVE•added 2020/02/24 4:15 p.m.•33 views

CVE-2019-4703

IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.

5.3CVSS5.3AI score0.00138EPSS